Lictor Scanning Policy
If you reached this page from a Lictor-Patrol User-Agent in your logs, this explains who we are and how to opt out instantly.
Lictor is an independent security-research project. We look for publicly exposed security problems: leaked credentials, exposed config files, and subdomain takeovers. Then we privately notify the owners so they can fix them before criminals find them. We are not attacking you; we are trying to help you, for free.
What we do
- ✓ Send a small number of lightweight, identifiable requests to observe whether an exposure is present.
- ✓ Prefer
HEAD requests on anything sensitive. We detect, we do not download your data.
- ✓ Rate-limit ourselves and spread DNS across public resolvers, so we stay gentle on your infrastructure.
- ✓ Disclose privately and responsibly, and report only aggregate statistics in public, never your name.
What we never do
- ✗ Exploit a vulnerability, read credential contents, or exfiltrate data.
- ✗ Brute-force logins, fuzz, or run denial-of-service / disruptive tests.
- ✗ Publish, sell, or share what we find with anyone but you.
How to identify us
- User-Agent:
Lictor-Patrol/1.0 (+https://lictor-ai.com/scan-policy; abuse@lictor-ai.com)
- All requests are read-only and rate-limited.
Opt out instantly, no questions asked
Email
abuse@lictor-ai.com with the domain(s) you want excluded. We add you to our permanent exclusion list and you will not be contacted or scanned again. If you are an ISP or hosting provider acting on behalf of customers, send the range or domain list and we will honor it the same way.
Abuse & contact
Security or abuse questions: abuse@lictor-ai.com. We respond to every message from a real person within one business day.